Menu
Is it possible to enable branch protection rules at the organisation level in Github so that all repositories part of that organisation inherit these rules for the applied branches. Right now its really a hassle to enable those same set of rules on a per repo basis for same set of branches.
931
asked Jan 16 '19 18:01
I got it to work using a simple ruby script that makes use of the GitHub APIs :-
require "json"
require "logger"
LOGGER = Logger.new(STDOUT)
def run(cmd)
LOGGER.debug("Running: #{cmd}")
output = `#{cmd}`
raise "Error: #{$?}" unless $?.success?
output
end
def repos(page = 1, list = [])
cmd = %Q{curl -s --user "user:pwd" https://github_url/api/v3/orgs/org_name/repos?page=#{page}}
data = JSON.parse(run(cmd))
list.concat(data)
repos(page + 1, list) unless data.empty?
list
end
repos.each do |repo|
require 'net/http'
require 'uri'
require 'json'
uri = URI.parse("https://github_url/api/v3/repos/org_name/#{repo["name"]}/branches/master/protection")
request = Net::HTTP::Put.new(uri)
request.basic_auth("user", "pwd")
request["Accept"] = "application/vnd.github.luke-cage-preview+jso"
request.body = JSON.dump({
"required_status_checks" => {
"strict" => true,
"contexts" => [
"continuous-integration/travis-ci"
]
},
"enforce_admins" => true,
"required_pull_request_reviews" => {
"dismiss_stale_reviews" => true
},
"restrictions" => nil
})
req_options = {
use_ssl: uri.scheme == "https",
}
response = Net::HTTP.start(uri.hostname, uri.port, req_options) do |http|
http.request(request)
end
endTaken from @Ashley 's answers, updated it a bit, with a slight change to reflect current Github's API URLs and, added customization using GITHUB_ORG and GITHUB_ACCESS_TOKEN environment variables.
require "json"
require "logger"
$org = ENV["GITHUB_ORG"]
$token = ENV["GITHUB_ACCESS_TOKEN"]
LOGGER = Logger.new(STDOUT)
def run(cmd)
LOGGER.debug("Running: #{cmd}")
output = `#{cmd}`
raise "Error: #{$?}" unless $?.success?
output
end
def repos(page = 1, list = [])
cmd = %Q{curl -s -u dummy:#{$token} https://api.github.com/orgs/#{$org}/repos?page=#{page}}
data = JSON.parse(run(cmd))
list.concat(data)
repos(page + 1, list) unless data.empty?
list
end
repos.each do |repo|
p(repo["name"])
require 'net/http'
require 'uri'
require 'json'
uri = URI.parse("https://api.github.com/repos/#{$org}/#{repo["name"]}/branches/master/protection")
request = Net::HTTP::Put.new(uri)
request.basic_auth("dummy", $token)
request["Accept"] = "application/vnd.github.luke-cage-preview+jso"
request.body = JSON.dump({
"required_status_checks" => {
"strict" => true,
"contexts" => []
},
"enforce_admins" => true,
"required_pull_request_reviews" => {
"dismiss_stale_reviews" => true
},
"restrictions" => nil
})
req_options = {
use_ssl: uri.scheme == "https",
}
response = Net::HTTP.start(uri.hostname, uri.port, req_options) do |http|
http.request(request)
end
p(response)
end
You should try using the Github API's update branch protection endpoint with some kind of automated process to apply branch protection rules to all new branches in your organization.
PUT /repos/:owner/:repo/branches/:branch/protection
1
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
